LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 11-22-2007, 04:06 AM   #1
robo555
LQ Newbie
 
Registered: Mar 2003
Posts: 7

Rep: Reputation: 0
Using Set UID to run script as root


I have a backup script that simply tars up a couple of folders, but it needs to be as root to read all the files without errors.

I read the UID article here:

http://www.linuxjournal.com/article/2114

and chmod my script to 4711, permission of the file is as follow:

-rws--x--x 1 root root 430 Nov 22 22:38 backup.sh*

However, when I run the script as a normal user, it still gives errors when running the tar command.

What am I doing wrong? How can I allow any regular users to run the script as root, I'll rather not have to fiddle with the sudoer file.

The backup script is something like:

---

#!/bin/bash

tar -zcf /backups/daily.tar.gz \
/backups/mysql/daily \
/home

---
 
Old 11-22-2007, 04:25 AM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
You can't have suid scripts in Linux for security reasons.

It shouldn't be too hard using "visudo" to modify /etc/sudoers. There is an example of allowing regular users to mount a cdrom as root. Base your entry on that.
 
Old 11-22-2007, 10:45 PM   #3
choogendyk
Senior Member
 
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,189

Rep: Reputation: 105Reputation: 105
To expand a bit on jschiwal's comments, you could look at http://www.linuxsecurity.com/content/view/119415/49/ which explains the issues around shell scripts and suid, pointing out that modern distributions of linux will not respect the suid bit or the guid bit on shell scripts.

sudo really is the proper way of doing these things. If you are managing this sort of setup and want to provide limited root capabilities for other users without compromising the security of your system, then you really should get to know sudo. If you aren't already familiar with it, go over the man page of course, but there are also some interesting links on the wikipedia page http://en.wikipedia.org/wiki/Sudo
 
Old 11-23-2007, 12:05 AM   #4
robo555
LQ Newbie
 
Registered: Mar 2003
Posts: 7

Original Poster
Rep: Reputation: 0
Cool, thanks everyone, I can now run the script using sudo without a password by adding the following line to sudoes:

robo ALL=NOPASSWD:/backups/backup.sh

Brings me to the next question...what user name does cron/anacron job gets run under? i.e. how do I setup anacron to run the script as root?

Secondly...slightly off topic, how do I save the messages that tar prints out to a text file?

Last edited by robo555; 11-23-2007 at 12:13 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to run script of another user from root? sikandar Linux - Software 4 09-05-2007 03:42 AM
Is a script, run at boot time from init.d, run with root authority? tmbrwolf53 Linux - Server 2 03-31-2007 08:15 PM
is it legitimate and allowed and can be done to make another user account set uid and gid to null 0 to make another root account with different name and possibly not damage the debian system creating and using that new account BenJoBoy Linux - Newbie 12 01-29-2006 10:02 AM
Set UID hinetvenkat Linux - Security 4 06-08-2005 03:50 AM
startup script to set up iptables rules doesn't run alexfittyfives Debian 2 06-01-2004 07:21 PM


All times are GMT -5. The time now is 04:26 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration